U.S. Serial No.: 10/804,799



CLAIMS 

1. (currently amended) In a system for formalizing, diffusing, and enforcing 
policy advisories and for monitoring policy compliance in the management of the 
a network[[s]] of computational devices, said system comprising a plurality of 
distributed clients, each of which runs on a corresponding networked 
computational device, an apparatus comprising: 

an enterprise console comprising a centrally managed advisory diffusion 
mechanism and a protocol for diffusing said advisories across said network of 
computational devices;

a plurality of advisories specifying relevance criteria and an action, at least 
one advisory describing a problem that has been discovered on a client 
computational device;

wherein said distributed clients running on said associated computational 
devices gather said advisories and process said advisories; and 

wherein each of said distributed clients, each running on an associated 
computational device, determines relevance of an advice message by evaluating 
a relevance clause of said advice message, while automatically retrieving 
properties of the computational device on which said client runs;

wherein said advisories formally target specific states of a computational 
device associated with a client running thereon and formally specify actions to 
take in response thereto; 

wherein said client implements associated actions received from said 
console.

2. (original) The apparatus of Claim 1, said system further comprising:

a central server coupled to a central database, said central server storing 
data in and retrieving data from said central database. 

3. cancelled 

4. (currently amended) The apparatus of Claim [[3]] 1, wherein said
relevance clause is written in a formal descriptive language; and wherein said 
advisory comprises a short, clear explanation of said problem. 

5. (original) The apparatus of Claim 4, further comprising: 

means for adding, modifying, or canceling a subscription of a distributed 
client to one or more advice provider sites. 

6. (original) The apparatus of Claim 5, further comprising: 

means for selecting a group of computational devices, specifying action 
messages, scheduling, and controlling execution when deploying actions 
proposed by relevant advice messages. 

7. (original) The apparatus of Claim 6, further comprising: 

means for securely deploying actions of relevant advice messages to a 
selected group of said distributed clients. 

8. (original) The apparatus of Claim 7, further comprising: 
means for monitoring status of deployed actions. 

9. (original) The apparatus of Claim 8, further comprising: 

means for stopping previously deployed actions which have not finished 
running. 

10. (original) The apparatus of Claim 9, further comprising:

means for monitoring status of each computational device while actions 
are being deployed and executed. 




Attorney Docket No.: UNIV0007 U.S. Serial No.: 10/804,799 

11. (original) The apparatus of Claim 10, wherein said means for monitoring 
allows said system administrator to define and retrieve customized properties of 
computational devices using a formal descriptive language. 

12. (currently amended) An enterprise management apparatus, comprising: 

a centrally managed advisory diffusion server for gathering advisories 
from an advisory site, wherein an said adv i sories advisory comprises relevance 
criteria and an action, and wherein an s a i d a dvi s or i es advisory idont i fy identifies 
relevant computers on a network of computational devices and allows 
authorized personnel to monitor, modify, and maintain said computers across 
any subset of said network; 

a console in communication with said server for displaying any of changes 
and new knowledge about said network of computational devices ; and 

a plurality of clients, each running on an associated computational device, 
associated with said network of computational devices , each client processing 
said advisories based upon a relevance determination, inspecting [an] said 
associated comput e r computational device , and reporting any relevance 
determination and actions to said server; 

wherein said client implements associated actions received from said 
console. 

13. (original) The apparatus of Claim 12, further comprising: 

a plurality of relays for relaying said advisories to said clients and for 
receiving related data from said client to forward to said server. 

14. (original) The apparatus of Claim 12, said console further comprising: 
means for a console operator to target patches or other fixes to
appropriate computers when vulnerabilities are discovered.

15. (original) The apparatus of Claim 14, said console further comprising:

means for following progress of said patches or fixes in near real-time as
they spread to all relevant computers and, one by one, eliminate bugs and
vulnerabilities for affected computers across said network.

16. (original) The apparatus of Claim 12, further comprising: 

means for keeping a running history of any and all remedial actions taken 
with regard to said computers. 

17. (original) The console of Claim 12, further comprising: 

means for providing a detailed audit trail for every action and every 
maintained computer on said network. 

18. (currently amended) In a network comprising a plurality of managed 
computers, an enterprise management apparatus, comprising: 

a console for providing a system-wide view of said network of managed 
computers, along with specific characteristics of each computer ther e of and
associated actions and for distributing information only to those computers for 
which said information is relevant; 

a client running on and associated with each managed computer for 
accessing a collection of messages comprising said information, a nd th a t which 
messages identify relevant computer characteristics, wherein if said 
characteristics are identified, said client running on and associated with a
computer implements associated actions received from said console on said 
associated computer; and

a server for coordinating information flow to and from individual clients, 
each client running on and associated with a networked computer, and for storing 
results in a database. 

19. (original) The apparatus of Claim 18, further comprising: 

a relay for offloading said server, wherein a plurality of clients point to a 
relay for downloads, which in turn makes only a single request of said server. 

20. (original) The apparatus of Claim 19, wherein a plurality of interaccessible
relays are provided. 

21. (original) The apparatus of Claim 18, further comprising: 

a report module for maintaining an audit trail of all console activity on said 
network. 

22. (original) The apparatus of Claim 18, further comprising:

a filter panel for providing a set of folders that contains specific field values 
to focus console activity. 

23. (original) The apparatus of Claim 18, wherein each message describes a 
problem that has been discovered on a client, and a short, clear explanation of 
said problem. 

24. (original) The apparatus of Claim 18, further comprising: 

a human-readable relevance language for said messages that provides 
expressions for querying an exhaustive set of computer properties to target 
actions only to those computers matching predetermined relevance criteria. 

25. (currently amended) In a system for formalizing, diffusing, and enforcing 
policy advisories and for monitoring policy compliance in the management of a 
the a network[[s]] of computational devices, said system comprising a plurality of 
distributed clients, each of which runs on a corresponding networked
computational device, and a server for coordinating information flow to and from 
individual clients, an apparatus comprising: 

at least one relay for offloading a download burden from said server, 
wherein said clients download from a designated relay; 

wherein said server distributes each advisory once to said relay, which in 
turn distributes said advisory to said clients; and 

wherein overhead on said server is reduced by a ratio of relays to clients.

26. (original) The apparatus of Claim 25, wherein for each client in said
network, both a primary and a secondary relay are specified. 

27. (original) The apparatus of Claim 26, wherein each client first attempts to 
download from its primary relay; and wherein if said primary relay is unavailable 
for a client, said client can download from said secondary relay. 

28. (currently amended) The apparatus of Claim 26, wherein if said primary 
relay fails, said secondary relay becomes a primary relay.

29. (currently amended) The apparatus of Claim 28, wherein if said secondary 
also fails, said client automatically downloads directly from said server. 

30. (currently amended) In a system for formalizing, diffusing, and enforcing 
policy advisories and for monitoring policy compliance in the management of a 
the network[[s]] of computational devices, said system comprising a plurality of
distributed clients, each of which runs on a corresponding networked 
computational device, a method comprising the steps of:

providing a centrally managed advisory diffusion mechanism and a 
protocol for diffusing said advisories across said network of computational 
devices;

providing a plurality of advisories specifying relevance criteria and an 
action, at least one advisory describing a problem that has been discovered on a 
client computational device , said advisory comprising a short, clear explanation 
of said problem;

wherein said distributed clients , each client running on and associated 
with a networked computational device, gather said advisories and process said 
advisories; 

each of said distributed clients determining relevance of an advice
message by evaluating a relevance clause of said advice message, while
automatically retrieving properties of the computational device on which said
client runs and with which it is associated; and

wherein said advisories formally target specific states of a computational 
device and formally specify actions to take in response thereto.

31. (original) The method of Claim 30, further comprising the step of:

providing a central server coupled to a central database, said central
server storing data in and retrieving data from said central database.

32. cancelled 

33. (currently amended) The method of Claim [[32]] 30, wherein said 
relevance clause is written in a formal descriptive language. 

34. (original) The method of Claim 33, further comprising the step of: 

any of adding, modifying, and canceling a subscription of a distributed 
client to one or more advice provider sites. 

35. (original) The method of Claim 34, further comprising the step of:

selecting a group of computational devices, specifying action messages, 
scheduling, and controlling execution when deploying actions proposed by 
relevant advice messages. 

36. (original) The method of Claim 35, further comprising the step of:

securely deploying actions of relevant advice messages to a selected
group of said distributed clients.

37. (original) The method of Claim 35, further comprising the step of: 
monitoring status of deployed actions.

38. (original) The method of Claim 37, further comprising the step of:

stopping previously deployed actions which have not finished running.

39. (original) The method of Claim 38, further comprising the step of:

monitoring status of each computational device while actions are being
deployed and executed.

40. (original) The method of Claim 39, wherein said monitoring step allows
said system administrator to define and retrieve customized properties of 
computational devices using a formal descriptive language. 

41. (currently amended) An enterprise management method, comprising the 
steps of: 

gathering advisories from an advisory site with a centrally managed
advisory diffusion server, wherein said advisories compris e each advisory 
comprises relevance criteria and an action, and wherein each advisory identifies 
s ai d - advisori e s -i d e nt i fy relevant computers on a network and allows authorized 
personnel to monitor, modify, and maintain said computers across any subset of 
said network; 

displaying any of changes and new knowledge about said network with a 
console in communication with said server; and 

providing a plurality of clients, each client associated with and running on
a networked computational device, associated with said network, each client 
processing said advisories based upon a relevance determination, inspecting its 
an associated computer, and reporting any relevance determination and actions 
to said server. 

42. (original) The method of Claim 41, further comprising the step of:

relaying said advisories to said clients and receiving related data from said
client to forward to said server with a plurality of relays.

43. (currently amended) The method of Claim 41, said console further
comprising the step of:

a console operator to target targ e t i ng patches or other fixes to appropriate 
computers when vulnerabilities are discovered. 

44. (original) The method of Claim 43, said console further comprising the 
step of: 

following progress of said patches or fixes in near real-time as they spread 
to all relevant computers and, one by one, eliminate bugs and vulnerabilities for 
affected computers across said network. 

45. (original) The method of Claim 43, further comprising the step of:

keeping a running history of any and all remedial actions taken with regard
to said computers.

46. (original) The method of Claim 43, further comprising the step of:

providing a detailed audit trail for every action and every maintained
computer on said network.

47. (currently amended) An enterprise management method for a network 
comprising a plurality of managed computers, comprising the steps of: 

providing a system-wide view of said network of managed computers,
along with specific characteristics thereof and associated actions, and for 
distributing information only to those computers for which said information is 
relevant; 

providing a client running on and associated with each managed computer 
for accessing a collection of messages comprising said information and that 
identify relevant computer characteristics, wherein if said characteristics are 
identified, said client implements associated actions received from said console; 
and 

coordinating information flow to and from individual clients and for storing
results in a database. 

48. (original) The method of Claim 47, further comprising the step of:

offloading said server with a relay, wherein a plurality of clients point to a
relay for downloads, which in turn makes only a single request of said server.

49. (original) The method of Claim 48, wherein a plurality of interaccessible 
relays are provided. 

50. (original) The method of Claim 47, further comprising the step of: 
maintaining an audit trail of all console activity on said network.

51. (original) The method of Claim 47, further comprising the step of:

providing a set of folders that contains specific field values to focus
console activity.

52. (original) The method of Claim 47, wherein each message describes a 
problem that has been discovered on a client, and a short, clear explanation of 
said problem. 

53. (original) The method of Claim 47, further comprising the step of:

providing a human-readable relevance language for said messages that
provides expressions for querying an exhaustive set of computer properties to
target actions only to those computers matching predetermined relevance criteria.

54. (currently amended) In a system for formalizing, diffusing, and enforcing 
policy advisories and for monitoring policy compliance in the management of the 
n e tworks a network of computational devices, said system comprising a plurality 
of distributed clients, each of which is associated with and runs on a 
corresponding networked computational device, and a server for coordinating 
information flow to and from individual clients, a method comprising the steps of : 

offloading a download burden from said server with a relay, wherein said
clients download from a designated relay;

said server distributing each advisory once to said relay, which in turn 
distributes said advisory to said clients; and 

reducing overhead on said server a ratio of relays to clients.

55. (currently amended) The method of Claim 54, wherein for each client in
said network, both a primary relay and a secondary relay are specified. 

56. (original) The method of Claim 55, wherein each client first attempts to 
download from its primary relay; and wherein if said primary relay is unavailable 
for a client, said client can download from said secondary relay. 

57. (currently amended) The method of Claim 55, wherein if said primary relay 
fails, said secondary relay becomes a primary relay. 

58. (currently amended) The method of Claim 57, wherein if said secondary
relay also fails, said client automatically downloads directly from said server. 
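The relay download path of claims 25 to 29 and 54 to 58, as an added simulation that is not the applicant's code: each client tries its primary relay, then the secondary (which is promoted to primary), then the server directly, and the server request count shows the offload a relay tier provides. Relay and client names, the advisory id, the cache behaviour of a relay and the failure sequence are assumptions.

```python
"""Added example, not the patent's code: the relay download path of
claims 25 to 29 and 54 to 58, with a count of requests the server serves."""
from dataclasses import dataclass, field


@dataclass
class Server:
    advisories: dict
    requests: int = 0  # downloads the server itself has served
    def fetch(self, advisory_id):
        self.requests += 1
        return self.advisories[advisory_id]


@dataclass
class Relay:
    name: str
    server: Server
    up: bool = True
    cache: dict = field(default_factory=dict)
    def fetch(self, advisory_id):
        if not self.up:
            raise ConnectionError(self.name)
        if advisory_id not in self.cache:  # one server request per advisory per relay
            self.cache[advisory_id] = self.server.fetch(advisory_id)
        return self.cache[advisory_id]


@dataclass
class Client:
    name: str
    primary: Relay
    secondary: Relay
    server: Server
    log: list = field(default_factory=list)
    def download(self, advisory_id):
        for _ in range(2):  # at most two relay attempts: primary, then secondary
            try:
                data = self.primary.fetch(advisory_id)
                self.log.append(("relay", self.primary.name))
                return data
            except ConnectionError:
                # primary failed: the secondary relay becomes the primary (claim 28)
                self.log.append(("failed", self.primary.name))
                self.primary, self.secondary = self.secondary, self.primary
        # both relays failed: download directly from the server (claim 29)
        self.log.append(("server", "direct"))
        return self.server.fetch(advisory_id)


def simulate():
    """Six constructed clients split across two relays; returns what happened."""
    server = Server({"ADV-1": "advisory payload (constructed)"})
    relay_a, relay_b = Relay("relay-a", server), Relay("relay-b", server)
    clients = [Client(f"client-{i}", relay_a, relay_b, server) for i in range(3)]
    clients += [Client(f"client-{i}", relay_b, relay_a, server) for i in range(3, 6)]
    for c in clients:
        c.download("ADV-1")
    normal = server.requests  # 2: one request per relay, not one per client
    relay_a.up = False
    clients[0].download("ADV-1")
    after_failover = server.requests  # still 2: relay-b already holds ADV-1
    relay_b.up = False
    clients[1].download("ADV-1")  # both relays down: falls back to the server
    return {"normal": normal, "after_failover": after_failover, "both_down": server.requests,
            "failover_source": clients[0].log[-1], "last_source": clients[1].log[-1]}
```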

59. (currently amended) In a system for formalizing, diffusing, and enforcing 
policy advisories and for monitoring policy compliance in the management of the 
networks a network of computational devices, said system comprising: a plurality
of distributed clients, each of which runs is associated with and runs on a 
corresponding networked computational device, a server for coordinating 
information flow to and from individual clients, and a plurality of relays, each of 
which aggregates and mediates communication between said distributed clients 
and said server, an apparatus comprising: 

means associated with each said client for evaluating a relevance clause 
identifying a file or group of files to upload to said server from its the associated 
computational device; 

means associated with each said client for aggregating a file or group of
files resident on its associated a correspond i ng n e twork e d computational device
into a file collection;

wherein said a relay offloads an upload burden from said server; and 
wherein said clients upload said file collection to said server via a
designated relay; and

means associated with each said client for distributing each file collection
once to said relay, which in turn distributes said file collection to said server.

60. (original) The apparatus of Claim 59, said system further comprising: 

a central server coupled to a repository of files, said server storing data in, 
and retrieving data from, said repository of files. 

61. (original) The apparatus of Claim 59, wherein said client compresses said 
file collection to reduce said collection's data size. 

62. (original) The apparatus of Claim 59, wherein said client distributes each 
file collection periodically to said relay, which in turn distributes said files to said 
server. 

63. (original) The apparatus of Claim 59, wherein said client does not include
files in a file collection that have not changed since a previous file collection 
containing said files was uploaded.

64. (original) The apparatus of Claim 59, further comprising: 

means for limiting bandwidth consumed by said client during upload of 
said file collection to said relay. 

65. (original) The apparatus of Claim 59, further comprising: 

means for limiting bandwidth consumed by said relay during upload of
said file collection to said server. 

66. (original) The apparatus of Claim 59, further comprising:

means for resuming an interrupted upload of said file collection by said
client to said relay at a point of interruption.

67. (original) The apparatus of Claim 59, further comprising: 

means for resuming an interrupted upload of said file collection by said 
client to said relay at a point of interruption.